Israel Hacked Kaspersky, Told NSA That Russia Breached It And Stole Their Secrets

Back in 2015, the Israeli government hacked into the computers of Kaspersky Lab, the Moscow-based cybersecurity firm that develops the antivirus of the same name. What they found was beyond anything expected – they discovered hacking tools that originated from the US National Security Agency.


The Israeli government then notified the NSA, which began a panicked investigation to find the breach. They found not only that the unwitting source was an NSA contractor, but also that their stolen tools were in the hands of the Russian government. Things were not looking good for Kaspersky, which was already under the spotlight in the US over suspicions that its antivirus allows Russia’s intelligence arm to spy on other countries.

Despite occurring two years ago, the incident came to light only last week, when it was reported by The Wall Street Journal. Just last month, the Department of Homeland Security instructed all federal agencies to identify any computers or servers running Kaspersky products and purge them from the systems, citing the “risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information.” By that point, Kaspersky had just been removed from the approved list of vendors by the General Services Administration (which facilitates the working of all federal agencies), and the Senate is now considering banning it across all government departments and services.

The NSA has so far declined to comment on the story, though Kaspersky publicly maintains its innocence. “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight,” a company spokesperson said.

In their probe to find the leak source, the NSA reportedly pinpointed an employee in their Tailored Access Operations division, a unit composed of hackers that gather intelligence on foreign targets. The employee was reportedly using Kaspersky’s antivirus on his home computer. Internal sources told media there wasn’t any malice involved, and the leak was unintentional from his end.

Kaspersky has come under scrutiny in the cybersecurity industry over the past few years for two main reasons. One, they use an industry technique called ‘silent signatures’, strings of code that operate behind the scenes to detect malware, but can easily be rewritten to search computers for other data. It’s a standard industry technique, one that wouldn’t be so worrying on its own if not for the other detail. Kaspersky is also the only major antivirus company that routes its data through Russian Internet service providers, and those providers, by local law, are subject to Russian surveillance. The company claims all the data provided to the government is encrypted, but experts aren’t so sure if that makes the data unreadable by Russian intelligence agencies.

So, the US government has been steadily attempting to wean even large private sector corporations off Kaspersky products. It believes that, whether or not the cybersecurity firm works directly for Vladimir Putin, any data passed through them is vulnerable.

In short, Israel hacked into Kaspersky, where they found the NSA's hacking tools, which the Russian government likely stole, and now no one wants to use Kaspersky's antivirus. Just your average day in government intelligence.